rollout
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill performs expected operations for a deployment and verification tool, including reading local site data, performing network GET requests for verification, and modifying project files to apply intended fixes.
- [DATA_EXPOSURE]: The skill handles project configuration and uses a deployment token (DA_TOKEN), but no hardcoded credentials or unauthorized data exfiltration patterns were found. Network activity is limited to content verification and image resolution checks.
- [COMMAND_EXECUTION]: The skill provides instructions for the user to execute Node.js scripts from the command line. These scripts perform deterministic file and network operations without utilizing dynamic execution (eval/exec) or acquiring elevated privileges.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data (HTML files from the site being migrated). While these files could theoretically contain content designed to influence the regex-based 'autofix' logic, the risk is considered a standard operational aspect of a migration tool controlled by the developer.
Audit Metadata